| Finding ID |
Severity |
Title |
Description |
|
V-81423
|
High |
XenDesktop License Server must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution Systems (PDS). |
Encrypting information for transmission protects information from unauthorized disclosure and modification. Cryptographic mechanisms implemented to protect information integrity include, for example, cryptographic hash functions that have common application in digital signatures, checksums, and message authentication codes.
This requirement applies only to applications that are distributed or can allow access to... |
|
V-81413
|
High |
XenDesktop License Server must implement DoD-approved encryption to protect the confidentiality of remote access sessions. |
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.
Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless.... |
|
V-81425
|
Medium |
XenDesktop License Server must maintain the confidentiality and integrity of information during reception. |
Information can be unintentionally or maliciously disclosed or modified during reception including, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information.
This requirement applies only to applications that are distributed or can allow access to... |
|
V-81421
|
Medium |
XenDesktop License Server must protect the confidentiality and integrity of transmitted information. |
Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and read or altered.
This requirement applies only to applications that are distributed or can allow access to data non-locally. Use of this requirement will be limited to situations where the data... |
|
V-81419
|
Medium |
XenDesktop License Server must prohibit the use of cached authenticators after an organization-defined time period. |
If cached authentication information is out of date, the validity of the authentication information may be questionable. |
|
V-81417
|
Medium |
XenDesktop License Server must protect the authenticity of communications sessions. |
Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions.
Application communication sessions are protected using transport encryption protocols, such as SSL or TLS. SSL/TLS provide web applications with a way to authenticate user sessions and encrypt application traffic. Session authentication can be single... |
|
V-81415
|
Medium |
XenDesktop License Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. |
Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming the audit log. Misconfigured audits may also make it more difficult to establish, correlate,... |
